Skype is a software application that allows users to make voice and video calls and chat over the Internet. Calls to other users within the Skype service are free, while calls to both traditional landline telephones and mobile phones can be made for a fee using a debit-based user account system.

According to the expert, the vulnerability was reported to the vendor on 2012-02-24, and the vendor fix/patch (by check) followed on 2012-03-20. Affected versions are Skype for Windows, Mac OS and Linux: v5.8.0.156, 5.5.0.2340 and 2.2 Beta.

The vulnerability can be exploited remotely. A pointer corruption vulnerability was detected in the Windows v5.6.59.10 and Mac OS v5.5.2340 clients of the Skype software. The bug is located in the software's processing of specially crafted symbol messages sent via the communication box. The vulnerability allows an attacker to freeze, block, crash or destroy the communication message box of the connected conference persons/teams.

The bug also has a persistent weakness vector, which allows a remote attacker to place the symbol string in the contact user request message box. The result is also a stable, persistent error message and a client denial of service. Attackers can also place the test PoC in the group label name, which results in a stable group error with different exceptions.

The Facebook integration allows the account to be synced with Skype and can also redisplay the issue with the error via the Facebook module and wall posting. The callto function allows an attacker to make the issue persistent on a victim's user profile by using the symbol string as a nickname.